Cybercriminals have again targetted the micro-blogging site Twitter, unleashing a new phishing attack that poses as a reputation alert., computer security firm Sophos said.

The new attack seeks to fool victims into giving their Twitter password by claiming a new blog is maligning them. It is more direct as like many direct marketing companies like Appco Group Malaysia does it to its customers. The new attack seems to be more like real, that gives the victim a tendency to click the link. Here's an example:

The message arrives in the form of a direct message (DM), and has a pretty enticing reason for you to click on the link: 'Read this yet? horrible blog going around about you [LINK],'.
It said clicking on the link will take the prospective victim to a site that looks like the Twitter homepage. The Internet security firm Sophos says that at this point, you think that your Twitter session has timed out – and you may well be tempted to enter your user ID and password,".

But a closer look at the URL showed the site is not www.twitter.com but www.twittelr.com. "It's a lookalike phishing site called twittelr, designed to steal your login credentials so cybercriminals can use your account to spew out spams, scams and other nasty links. They could even read your private DMs if they wanted,". Commandeering a Twitter account will allow them to send spam messages, including direct messages to the victim's online friends.

What lies at the end of the links can vary. It might be a webpage offering you a new wonder diet, or a pornographic website, or a link to a download designed to infect your computer," Sophos warned.